Description

Session fixation vulnerability in Special:UserLogin in MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the session_id.

Remediation

References

CVE-2012-5391

Related Vulnerabilities

Apache Tomcat Deserialization of Untrusted Data Vulnerability (CVE-2020-9484)

WordPress Plugin Fourteen Extended Cross-Site Scripting (1.2.31)

Oracle JRE CVE-2017-10293 Vulnerability (CVE-2017-10293)

WordPress Plugin Lara's Google Analytics Cross-Site Scripting (2.0.4)

WordPress Plugin Catch Breadcrumb Security Bypass (1.6)

Severity

Medium

Classification

CVE-2012-5391

Tags

Missing Update Known Vulnerabilities